
[Release] S4League Dump

Discussion on [Release] S4League Dump within the S4 League Hacks, Bots, Cheats & Exploits forum part of the S4 League category.

 
Old 10/01/2014, 09:51   #16
 
elite*gold: 0
Join Date: Aug 2013
Posts: 11
Received Thanks: 3
I guess he just unlocked file protection to read item addresses and hack codes, am I right?
ozgur298 is offline  
Old 10/01/2014, 09:53   #17
 
[Rokudo]'s Avatar
 
elite*gold: 0
Join Date: Jun 2014
Posts: 400
Received Thanks: 353
It insta-crashes for me ;o
[Rokudo] is offline  
Old 10/01/2014, 13:00   #18
 
golle12's Avatar
 
elite*gold: 29
Join Date: Aug 2011
Posts: 640
Received Thanks: 493
What do you mean by crash? Do you mean that it crashes if you attach to the S4 client, or?
golle12 is offline  
Thanks
1 User
Old 10/01/2014, 14:13   #19
 
[Rokudo]'s Avatar
 
elite*gold: 0
Join Date: Jun 2014
Posts: 400
Received Thanks: 353
Quote:
Originally Posted by golle12 View Post
What do you mean by crash? Do you mean that it crashes if you attach to the S4 client, or?
Nope, with this unpacked S4Client.exe, even if I start S4 without any bypass / hack I get a crash.
[Rokudo] is offline  
Old 10/01/2014, 14:31   #20
 
elite*gold: 0
Join Date: Sep 2014
Posts: 277
Received Thanks: 74
Quote:
Originally Posted by [Rokudo] View Post
Nope, with this unpacked S4Client.exe, even if I start S4 without any bypass / hack I get a crash.
Which system do you have?

And did you try starting it as admin or so?
Viroouz is offline  
Thanks
1 User
Old 10/01/2014, 14:39   #21
 
[Rokudo]'s Avatar
 
elite*gold: 0
Join Date: Jun 2014
Posts: 400
Received Thanks: 353
Quote:
Originally Posted by Viroouz View Post
Which system do you have?

And did you try starting it as admin or so?
There is no point in starting as admin o.o
You can't start S4Client.exe because you'd get to the old login screen and you'd be stuck there.
You can start patcher.exe as admin, but that wouldn't have any effect on S4Client.exe dem logic ;o

Windows 7 x64, but that doesn't matter either
[Rokudo] is offline  
Old 10/01/2014, 16:04   #22
 
epkFlaflo's Avatar
 
elite*gold: 0
Join Date: Apr 2014
Posts: 128
Received Thanks: 437
Quote:
Originally Posted by [Rokudo] View Post
There is no point in starting as admin o.o
You can't start S4Client.exe because you'd get to the old login screen and you'd be stuck there.
You can start patcher.exe as admin, but that wouldn't have any effect on S4Client.exe dem logic ;o

Windows 7 x64, but that doesn't matter either
For me it is actually working :P
Win7 x64
epkFlaflo is offline  
Old 10/01/2014, 16:23   #23
 
-Zonda's Avatar
 
elite*gold: 0
Join Date: Sep 2014
Posts: 197
Received Thanks: 259
Just open S4L normally and then open the S4Client Dumped.exe
I think that's right o.o like that it works for me.
-Zonda is offline  
Old 10/01/2014, 17:14   #24
 
elite*gold: 0
Join Date: Sep 2014
Posts: 32
Received Thanks: 1
Can you explain to me what the hack does?
Rookiez45678 is offline  
Old 10/01/2014, 17:35   #25
 
epkFlaflo's Avatar
 
elite*gold: 0
Join Date: Apr 2014
Posts: 128
Received Thanks: 437
Quote:
Originally Posted by Rookiez45678 View Post
Can you explain to me what the hack does?
It's not a hack, you can just attach to S4 with a debugger, because the normal S4Client.exe is packed!
epkFlaflo is offline  
Old 10/02/2014, 17:54   #26
 
Atsukaro's Avatar
 
elite*gold: 123
Join Date: Aug 2011
Posts: 854
Received Thanks: 575
Quote:
Originally Posted by Sir Nexus View Post
not work, win 10 xD
Win 10 = Not Possible.

Win 8.1 (x64) doesn't work -.- too bad^^ would be nice if you could get it running for W8/8.1
Atsukaro is offline  
Old 10/02/2014, 23:30   #27
 
Atsukaro's Avatar
 
elite*gold: 123
Join Date: Aug 2011
Posts: 854
Received Thanks: 575
Quote:
Originally Posted by Sir Nexus View Post
Speed, I was serious. xD

I have Windows 10.
Yeah, I just saw it on onHax, I didn't think it was at the point yet where it's already available for download somewhere^^
Atsukaro is offline  
Old 10/03/2014, 03:18   #28
 
[P2933]Step29's Avatar
 
elite*gold: 0
Join Date: Sep 2014
Posts: 545
Received Thanks: 585
Hi, I came from another game. I recently went back to playing this game and I am having a few issues with the disassembly of S4 League.
About time this got unpacked, I could barely understand the packed version because it's missing so much information from the last time I played, but I'm slowly trying to understand the coding engine behind S4 League since this game is a whole new environment to me.
I have been doing ASM for 5 years, the unpacked version makes sense, but the packed version does not. I will show some screenshots.

Let's talk about the unpacked version and the packed one.




Huh. That is weird. While I do understand that Pointer Addresses do commonly change, I thought that the unpacked version would contain the latest AOBs? Unless they change Pointer Addresses every patch. Anyway, any AOB I see in the unpacked version, I cannot find it in the packed version, despite being able to read the ASM in Cheat Engine.





What happened to GAMETEMPO? Inside GAMETEMPO there are strings that I would suspect the hardcoded client would pick up, like damage_multiplier. But here, even in the unpacked version, it doesn't appear. So now this makes me wonder how GAMETEMPO works in the S4 League Engine, and how are the values stored?
(On an unrelated note, "sniper_mode" doesn't exist in the strings at all.)


Speaking about values, they don't seem to be findable in the packed version at all.


So since I am unable to find the AOBs from the unpacked in the packed version, unable to find default values that the game needs to read, and acquiring information that is missing from the unpacked version, my only method now is to do this the old school way: values that appear on screen.



What the hell man. Everything is done by MOV? We don't have any SUB or anything like that? How is the system subtracting anything then?
Also what's with this particular MOV controlling like 8 different pointers, the other MOVs are like this too, is this normal? I'm not sure how to disassemble this because if I try to edit something I fear that the game would crash.
I'm very curious now. How is it subtracting the ammo? Of course I could go look at the whole beginning of the function, and go look for a long JE to JMP, but the game would either crash or it won't let me shoot.
I could edit the MOV to be XOR ECX,ECX INC ECX but I fear that would crash the client as well.

I'm honestly not sure what to do to make modifications for this game, the ASM is just very complicated and challenging (and while that is interesting, it's still making me very confused, I feel like I'm starting to miss something important). After days of trying to figure this whole thing out, I guess I can say I give up and I want to seek information. I have tried myself via Google and another private search engine but it has come up with either decent or no good results.


It's times like this where I miss the X7 System.
[P2933]Step29 is offline  
Thanks
1 User
Old 10/03/2014, 04:14   #29
 
Neyil's Avatar
 
elite*gold: 0
Join Date: May 2014
Posts: 344
Received Thanks: 174
Hi step! The way this unpacked S4 client actually works is for several inform able reasons. The reason why you cannot find AoB's patterns in your scan is because the default scan range for everything is changed! Hackshield is still in the client. You cannot really remove it completely. The server always gets everyone. So this unpacker pretty much has a bypass! That is what it really is after all. He bypasses the strings and bypasses the debugging checks with some neat functions! The method he most likely uses is by moving the S4 memory into a different range from 0040000 _> ??? (This is the normal range of memory that is unmodified by the user.); To a completely different range, he makes it where hackshield scans the same memory that was originally there.. but he moved that memory that was there to a completely different place from which hackshield scans! He pretty much emulated the memory if you ask me. Trust me.. X7 is still possible. Change your scan range to a completely different scan range that is the memory the emulator creates. You will get addresses that won't make you crash. 8D In cheat engine, click CTRL+ALT+S! Have a good day sir, good luck hacking.
Neyil is offline  
Old 10/03/2014, 05:17   #30
 
[P2933]Step29's Avatar
 
elite*gold: 0
Join Date: Sep 2014
Posts: 545
Received Thanks: 585
Hi! Thanks for the reply.

Quote:
Originally Posted by Neyil View Post
Hi step! The way this unpacked S4 client actually works is for several inform able reasons. The reason why you cannot find AoB's patterns in your scan is because the default scan range for everything is changed! Hackshield is still in the client. You cannot really remove it completely. The server always gets everyone. So this unpacker pretty much has a bypass! That is what it really is after all. He bypasses the strings and bypasses the debugging checks with some neat functions!
Hmm, I see. But of course like any Unpacked Client, it's probably not executable and damaged before I could even run the unpacked exe itself, so I just assume the dump is there for Resources Information.

Quote:
The method he most likely uses is by moving the S4 memory into a different range from 0040000 _> ??? (This is the normal range of memory that is unmodified by the user.); To a completely different range, he makes it where hackshield scans the same memory that was originally there.. but he moved that memory that was there to a completely different place from which hackshield scans! He pretty much emulated the memory if you ask me.
So wait, are you telling me I would have to hook the dumped executable? But I'm not really sure how I would do that... Does it work like injecting?
But wait, even if you were to inject it... How would it be possible that the functions in the dump will be used if it does get hooked?
Maybe I'm missing something here.

Quote:
Trust me.. X7 is still possible.
I'm talking about the one zYan made. That was god tier. I made my own .x7 files that no one had in EPVP, including the ability to play any animation in game, including Arcade animations.
I heard it was discontinued, so it's disappointing. I also used S4R but any edit that I would do, even a simple value, would crash the whole program and I would have to re-download the whole game again due to damaged resources.


Quote:
Change your scan range to a completely different scan range that is the memory the emulator creates.
Other than the "Memory Scan Options"... We can do that? Half of the time it doesn't even work for Cheat Engine.
For example:
Like if "0F 84 ?? ?? ?? ??" existed in 62000000 but was located in DLL1.dll, Cheat Engine would fail to scan that because Cheat Engine would only scan 00400000~FFFFFFFF in EXE1.exe, not DLL1.dll.
If I could change the scan options so it would scan in DLL1, that would be nice. I haven't learned that method other than the "hard way", which is using "Find Assembly Code".

Quote:
You will get addresses that won't make you crash. 8D In cheat engine, click CTRL+ALT+S! Have a good day sir, good luck hacking.

I'm not sure what I'm supposed to be looking for here.

Unless... I'm supposed to be scanning these? They sound like Resources files.
[P2933]Step29 is offline  

Tags
disassembler, dump, hack exe, hacked, s4league

